General

  • Target

    58f42737cd5cd7e59d97167d8fd69485_JaffaCakes118

  • Size

    70KB

  • Sample

    240519-g1qtaaea9z

  • MD5

    58f42737cd5cd7e59d97167d8fd69485

  • SHA1

    58d3d28728f005feebdbe8189f3ae6491c839a8a

  • SHA256

    0cc1b59001472b0c7b3f2c7ec319379ae3a0cf20cb6df505f5dfcb6f097ab94d

  • SHA512

    b7b941a391c17cb7326b98e210f29256b8a43c8eeaf4c886999da95e9092debfc42a22d133f35dcf0c582be511e6cba0a733d1c066c65b4a3ae3e5cbb9df772b

  • SSDEEP

    1536:IptJlmrJpmxlRw99NBv+aNZOVbeqIJNa:Qte2dw99fIbl0

Score: 10/10

Malware Config

Extracted

Language: ps1 (deobfuscated)

URLs

exe.dropper

http://alkhashen.com/Z

exe.dropper

http://depisce.com/w9rzO0u

exe.dropper

http://interconectiva.com.br/d3Psek

exe.dropper

http://cmitik.ru/HkQRV7f

exe.dropper

http://xn--b1abfba5bieepl.xn--p1ai/9D2mKlAw

Targets

    • Target

      58f42737cd5cd7e59d97167d8fd69485_JaffaCakes118

    Score: 10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.
